4 matches found
CVE-2025-51643
Meitrack T366G-L GPS Tracker devices contain an SPI flash chip Winbond 25Q64JVSIQ that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of...
CVE-2024-13892
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly...
CVE-2024-13892 Command Injection in Smartwares cameras
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly...
CVE-2024-13892
Smartwares CIP-37210AT and C724IP (and related firmware up to 3.3.0) are affected by CVE-2024-13892: during device initialization, unsanitized AP-credentials input from a mobile app enables command injection via the firmware. The vulnerability is rooted in improper input handling, potentially all...